Re: "Debian hardened" ;-)
Albretch Mueller wrote:
> I am not trying to bait anyone into an argument. It is just that
> IMHO, even though I see that gentoo has its appeal and value, using it
> for servers is not such as manageable as other distros.
> However, I still like very much the gentoo hardened project.
> // __ http://www.gentoo.org/proj/en/hardened/
> // __ http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml
> Do you know of Debian based attempts to security including all these
> sec features gentoo Linux does?
> Doesn't seem to be active for almost more than 3 years already
> I am concretely trying to device something like a Debian baseline
> with a gentoo hardened-like security infrastructure
> There exist tutorials on how to setup SELinux on Debian
> I am trying to also setup on top of it stuff like PaX/Grsecurity,
> RSBAC ... a la gentoo hardened
> Any ideas you would like to share?
Work is under way. See http://wiki.debian.org/Hardening for a brief outline.
A prototype wrapper has been hacked together and Lucas Nussbaum did a full
archive rebuild for i386 with most of the hardening options enabled. This
needs a little bit more work, but after that it should be ready to be announced
to the developers at a larger scale.